Opened 11 years ago
Last modified 8 years ago
#26474 new enhancement
Add Filter to Username/Password Fields on Login Form?
| Reported by: |
|
Owned by: | |
|---|---|---|---|
| Milestone: | Awaiting Review | Priority: | normal |
| Severity: | normal | Version: | 3.8 |
| Component: | Login and Registration | Keywords: | dev-feedback needs-patch |
| Focuses: | Cc: |
Description
As a state institution, we are required to remain PCI-compliant. One of the areas we've been dinged in scans in the past, albeit an area that they consider "low risk", is the fact that the username and password fields allow autocomplete.
I understand that it's probably not preferable for everyone using WordPress to have autocomplete turned off on those fields, but it would be nice if it was simple to at least filter those fields to turn it off (or, at the very least, add that as one of the "args" that are used when the form is built).
This should obviously be used both in wp-login.php and in the wp_login_form function within wp-includes/general-template.php
I'm happy to work up a patch for this if this is something that might be supported. Thanks.
Attachments (1)
Change History (8)
#3
@
11 years ago
Ideally, would be great to add other parameters as well. I just had to add placeholder="" to both fields.
A work around is to return the string rather than echo the form where your using it and then str_replace the HTML as needed.
Stewart
#4
in reply to:
↑ description
@
10 years ago
- Component changed from General to Login and Registration
- Keywords dev-feedback 2nd-opinion added
Replying to cgrymala:
As a state institution, we are required to remain PCI-compliant. One of the areas we've been dinged in scans in the past, albeit an area that they consider "low risk", is the fact that the username and password fields allow autocomplete.
I understand that it's probably not preferable for everyone using WordPress to have autocomplete turned off on those fields, but it would be nice if it was simple to at least filter those fields to turn it off (or, at the very least, add that as one of the "args" that are used when the form is built).
This should obviously be used both in wp-login.php and in the
wp_login_formfunction within wp-includes/general-template.php
I'm happy to work up a patch for this if this is something that might be supported. Thanks.
It would be great to have an additional filter for the login form as well so we wouldn't have to use output buffers and regex to make customizations. I'd be happy to help with this if needed as well.
#6
@
8 years ago
Attached a diff that creates a function to handle password attributes.
The function applies some defaults, merges in whatever values would be default to a specific password field, and allows a filter to add new attributes.
add_filter( 'wp_password_input_attributes', 'wporg_add_attributes' );
function wporg_add_attributes( $defaults ) {
$attributes = array(
'new_attribute' => 'new_attribute_val',\
);
$attributes = array_merge( $defaults, $attributes );
return $attributes;
}
The above is an example usage of the filter to add a new attribute and value new_attribute="new_attribute_val"
#7
@
8 years ago
My patch only changes the three instances of password inputs in wp-login.php. There are other instances of password inputs in the following files to be changed if approved:
/wp-admin/includes/file.php
/wp-admin/install.php
/wp-admin/user-edit.php
/wp-admin/user-new.php
/wp-includes/general-template.php
/wp-includes/post-template.php
#26579 was marked as a duplicate.